views:

42

answers:

1

So the basis of this page is I set a session value when the page loads, and clear it on any other page they visit. Then the page can make an ajax call to download a file. If the session value matches the value I pass through the URL I allow them to download the file. If not I return a 404 error. I was having some weird issues, so I removed the 404 and set it to echo out the values instead to see what I was getting. Here is the top of the code on the page:

$code = $this->_request->getParam('code');
    $confirm = $_SESSION['mp3_code'];
    echo $code."-1-".$confirm;
    if($code != $confirm)
        echo $code."-2-".$confirm;//header("HTTP/1.1 404 Not Found");
    else
    {

Here is what displays on the page from the ajax call 12723430-1-12723430-2-

As you can see when it echos out the first time they exist, then somehow after I compare them and it fails you see that it echos out blank values like they suddenly ceased to exist. Any ideas?

+1  A: 

It is imperative that you make sure to call session_start at the top of any script using sessions. I think this may be the case here.

In your code, it's echoing $code and $confirm. But $confirm is an empty string since you are not actually retrieving the session data (why has yet to be determined), the condition will most of the time evaluate to TRUE.

Jacob Relkin